Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 916/2489 | < Previous Page | 912 913 914 915 916 917 918 919 920 921 922 923  | Next Page >

  • Upgrading/Installing Demantra 7.3.1.1? Check this out!

    - by user702295
    Here is a summary for relase 7.3.1.1 install/upgrade/features Data Preservation Setting for General Levels  Deploying Demantra Application Server 10g  Important upgrade Information  Known upgrade issues  Mozilla Firefox Browser  Installer Issues  Reviewing / Simulating General Level Data Such as CTO Base Model Demand  Failure Rate Calculation  Demantra SSL Client Authentication and Java 6  CTO functionality does not work in release 7.3.1.1 after upgrading from 7.3.0 using the ‘Platform Upgrade Only’ option.  User Privileges and Export Worksheet to Excell  Cookie Attribute Causes Logging Issue in Worksheet  List of bugs fixed in 7.3.1.1 See the following for details. Demantra 7.3.1.1 Install / Upgrade Known Issues, Notes, Guidance, Defects, Workarounds (Doc ID 1370518.1) Related Documents For Demantra Version 7.3.1.1 And If Demantra Supports The Required Stacks (Doc ID 1367141.1)

    Read the article

  • ASP.NET MVC Application In Action - I (DailyJournal)

    - by Rajesh Pillai
    Its been long due I was planning to write an article on creating some useful ASP.NET MVC application. I have code named it "DailyJournal". Its a simple application which allows creation of multiple activities and assign tasks to these activities. Its' kind of "Yet another Task/Todo application". The credentials which you can use with the attached demo application is shown below.   Collapse Copy Code User Name : admin Password : admin123 Framework/Libraries Used ASP.NET MVC jQuery + jQuery UI (for ajax and UI) ELMAH for Error logging Warning Ahead This is just a rough draft and so I am putting down some of the known limitation. Some points of warning before we move further with this application. This is just an early prototype. As such many of the design principles have been ignored. But, I try to cover that up in the next update once I get my head around this. The application in its current state supports the following features Create users Assign Activities to users Assign tasks to activities Assign a status to a task The user creation/authentication is being done by the default Membership provider. Most of the activities are highly visual i.e. you can drag-drop task to different areas, in-place edition of task details and so on.   The following are the current issues with the design which I promise to refactor in the second version. No Validations Fat Controller XSS/CSS vulnerable No Service model/abstraction yet. For the demo LINQ to SQL is implemented. No separation of layers UI Design et el... This is just an extract.  For source code and more information proceed to http://www.codeproject.com/KB/aspnet/mvcinaction.aspx Hope you like this!

    Read the article

  • Prevent mail flagged as spam when switching mail servers (new SPF records)?

    - by Jakobud
    For our business, we send out a significant amount of newsletter alerts to customers that sign up for it on our website. We used to send this mail directly from our web server via PHP. But because the web server limited us to the number of emails we could send per day, we purchased a VM server at a different host (that doesn't throttle email) and we are going to use that account solely for sending out the emails. Anyways, now that the SPF records are going to be different from what they used to be and the source mail server is different, what steps need to be taken to prevent these emails being flagged as spam? I know in Gmail, it's pretty smart about determining if the person actually sending the email is sending it from the server it expects (for flagging Phishing emails, etc). We don't want that to happen to our emails. Just sending a couple test emails out, Gmail's shows the SPF record saying: Authentication-Results: mx.google.com; spf=neutral (google.com: XXX.XXX.23.176 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] So is there anything we need to do with regards to SPF records as we move forward?

    Read the article

  • Security in Robots and Automated Systems

    - by Roger Brinkley
    Alex Dropplinger posted a Freescale blog on Securing Robotics and Automated Systems where she asks the question,“How should we secure robotics and automated systems?”.My first thought on this was duh, make sure your robot is running Java. Java's built-in services for authentication, authorization, encryption/confidentiality, and the like can be leveraged and benefit robotic or autonomous implementations. Leveraging these built-in services and pluggable encryption models of Java makes adding security to an exist bot implementation much easier. But then I thought I should ask an expert on robotics so I fired the question off to Paul Perrone of Perrone Robotics. Paul's build automated vehicles and other forms of embedded devices like auto monitoring of commercial vehicles on highways.He says that most of the works that robots do now are autonomous so it isn't a problem in the short term. But long term projects like collision avoidance technology in automobiles are going to require it.Some of the work he's doing with his Java-based MAX, set of software building blocks containing a wide range of low level and higher level software modules that developers can use to build simple to complex robot and automation applications faster and cheaper, already provide some support for JAUS compliance and because their based on Java, access to standards based security APIs.But, as Paul explained to me, "the bottom line is…it depends on the criticality level of the bot, it's network connectivity, and whether or not a standards compliance is required."

    Read the article

  • Turning laptop into WAP using netgear WNA1100? (stuck at hostapd)

    - by Vivek Sharma
    I have a Netgear WNA1100 usb wifi adapter. I have installed Atheros driver from Forum Details (btw name of the file is ath9k_htc-installer.1.0.1-maverick-fixed.deb). I wish to make a setup like connectify(windows) on ubuntu, so that I can connect my phone wirelessly to my laptop via Netgear WNA1100 (behaving as AP) and eventually use internet via my wired lan. I have installed the above mentioned driver, hostapd and hostap-utils. Following is my hostapd.conf file. ssid=vks interface=wlan1 # The interface name of the card driver=ath9k_htc # The card driver macaddr_acl=0 accept_mac_file=/etc/hostapd.accept deny_mac_file=/etc/hostapd.deny ieee80211x=1 # Use 802.1X authentication auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=88888888 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP When i run sudo hostapd /etc/hostapd/hostapd.conf I get an error invalid/unknown driver 'ath9k_htc # The card driver I think the driver is installed fine, as i can see the blue led blinking on the netgear adapter, which was not blinking earlier. Can someone please guide me how to achieve this setup? I will appreciate an example hostapd.conf file with a simple wpa_psk security setup. Please be detailed and descriptive with commands. How to run and end it. Following is output from lsmod, i have only pasted the entries which had ath and ath related info. Which driver shall i use. Module Size Used by ath9k_htc 42903 0 ath9k_common 2563 1 ath9k_htc ath9k_hw 285176 2 ath9k_htc,ath9k_common ath 13001 2 ath9k_htc,ath9k_hw cfg80211 139811 3 ath9k_htc,mac80211,ath compat 4020 1 cfg80211 led_class 2633 3 ath9k_htc,thinkpad_acpi,sdhci Thanks.

    Read the article

  • Server-side Architecture for Online Game

    - by Draiken
    Hi, basically I have a game client that has communicate with a server for almost every action it takes, the game is in Java (using LWJGL) and right now I will start making the server. The base of the game is normally one client communicating with the server alone, but I will require later on for several clients to work together for some functionalities. I've already read how authentication server should be sepparated and I intend on doing it. The problem is I am completely inexperienced in this kind of server-side programming, all I've ever programmed were JSF web applications. I imagine I'll do socket connections for pretty much every game communication since HTML is very slow, but I still don't really know where to start on my server. I would appreciate reading material or guidelines on where to start, what architecture should the game server have and maybe some suggestions on frameworks that could help me getting the client-server communication. I've looked into JNAG but I have no experience with this kind of thing, so I can't really tell if it is a solid and good messaging layer. Any help is appreciated... Thanks !

    Read the article

  • StarterSTS 1.5

    - by Your DisplayName here!
    I have the 1.5 version of StarterSTS sitting here for quite some time now. But I was always reluctant to release it. Some of the reasons are: too many new features for a single (small) version change. to many features that are optional, like bridged authentication and thus make the code very complex. the way I implemented Azure integration adds a dependency on the Azure SDK, even for “on-premise” installations. I don’t like that. the fact I am using some WebForms bits and some WCF bits, the URL structure got messy. WebForms also don’t help a lot in testability All of the above reasons together plus the fact that I am the only architect, developer and tester on this project made me come to the conclusion that I will cancel this release. But wait… StarterSTS 1.5 is fully functional. We use both the on-premise and Azure versions internally “in production”. Cancelling means I will release the latest source code on Codeplex – but will not mark it as a “recommended release”. I also won’t produce updated screen casts and docs. Bu the setup is very similar to earlier versions. Feel free to use and customize 1.5 and give me feedback. On the good news front, I am working on a new version – welcome thinktecture IdentityServer. This version is based on MVC3 and the routing architecture, removed a lot of the clutter, has a SQL CE4 based configuration system, is more extensible – and in overall just cleaner. I will be able to upload CTPs very soon.

    Read the article

  • Software development project inception phase

    - by john ryan
    Currently our team develops Web Applications and now we are going to Windows Forms applications. I have created the inception phase for our Windows Forms project structure. eg: ApplicationSolution --> Security Project(Login Authentication) a. Users will be registered with different applications in our application database. eg: ProjectApplicationId|ProjectName | UserId 1 |ProjectApplication1| user 2 |ProjectApplication2| user b. Execute Application (Start) c. On Security dialog, application automatically get the userid of the user and see all the application it is registered using System.Security.Principal.WindowsIdentity.GetCurrent() eg: Prototype Welcome User! Please Choose Appliations you are registered on below: ProjectApplication1 <--this will be a dropdown ProjectApplication2 Password: [*********************] [Access Application Button] d. User selects the application with its password e. If the password is incorrect (application.exit()) else execute Selected Application eg: ProjectApplication1 is selected then execute ProjectApplication1 --> ProjectApplication1 --> ProjectApplication2 --> Many to come ++ if ProjectApplications has been closed then restart security Application. My questions on this use case: Is my use case possible? Can you give me any recommendations ? Currently we use setup and deployment to create installer in each Windows Forms application.

    Read the article

  • Byte Size Tips: How to Show Google / Gmail Contacts in the OS X Contacts App

    - by The Geek
    The Contacts app on OS X isn’t very interesting, but if you can use it to display your Gmail contacts, it’ll get a little bit better. Luckily it’s pretty easy to add your Google / Gmail contacts, but you’ll have to click the mouse a few times and maybe poke at the old keyboard once or twice to type in your email address and password. It’s worth noting that if you set up Gmail in the Mail app you shouldn’t have to do this. Since we prefer Gmail in a browser, that’s why we’re writing this. Or just because we’re procrastinating the book editing that we’re supposed to be doing. Don’t judge. Start by opening the Preferences for the Contacts app by heading up to the Menu bar. Go to Accounts and then click the + sign to add a new one. Choose CardDAV for the account type, use your Gmail username and password, and put google.com as the server address. If you are using two-factor authentication, you’ll need to create a specific password for this account.    

    Read the article

  • What are the hard and fast rules for Cache Control?

    - by Metalshark
    Confession: sites I maintain have different rules for Cache Control mostly based on the default configuration of the server followed up with recommendations from the Page Speed & Y-Slow Firefox plug-ins and the Network Resources view in Google's Speed Tracer. Cache-Control is set to private/public depending on what they say to do, ETag's/Last-Modified headers are only tinkered with if Y-Slow suggests there is something wrong and Vary-Accept-Encoding seems necessary when manually gziping files for Amazon CloudFront. When reading through the material on the different options and what they do there seems to be conflicting information, rules for broken proxies and cargo cult configurations. Any of the official information provided by the analysis tools mentioned above is quite inaccessible as it deals with each topic individually instead of as a unified strategy (so there is no cross-referencing of techniques). For example, it seems to make no sense that the speed analysis tools rate a site with ETag's the same as a site without them if they are meant to help with caching. What are the hard and fast rules for a platform agnostic Cache Control strategy? EDIT: A link through Jeff Atwood's article explains Caching in superb depth. For the record though here are the hard and fast rules: If the file is Compressed using GZIP, etc - use "cache-control: private" as a proxy may return the compressed version to a client that does not support it (the browser cache will hold files marked this way though). Also remember to include a "Vary: Accept-Encoding" to say that it is compressible. Use Last-Modified in conjunction with ETag - belt and braces usage provides both validators, whilst ETag is based on file contents instead of modification time alone, using both covers all bases. NOTE: AOL's PageTest has a carte blanche approach against ETags for some reason. If you are using Apache on more than one server to host the same content then remove the implicitly declared inode from ETags by excluding it from the FileETag directive (i.e. "FileETag MTime Size") unless you are genuinely using the same live filesystem. Use "cache-control: public" wherever you can - this means that proxy servers (and the browser cache) will return your content even if the rest of the page needs HTTP authentication, etc.

    Read the article

  • IDC's Sally Hudson on Securing Mobile Access

    - by Naresh Persaud
    After the launch of Identity Management 11g R2, Oracle Magazine writer David Baum sat down with Sally Hudson, research director of security products at International Data Corporation (IDC) to get her perspective on securing mobile access.  Below is an excerpt from the interview. The complete article can be found here. "We’re seeing a much more diverse landscape of devices, computing habits, and access methods from outside of the corporate network. This trend necessitates a total security picture with different layers and end-point controls. It used to be just about keeping people out. Now, you have to let people in. Most organizations are looking toward multifaceted authentication—beyond the password—by using biometrics, soft tokens, and so forth to do this securely. Corporate IT strategies have evolved beyond just identity and access management to encompass a layered security approach that extends from the end point to the data center. It involves multiple technologies and touch points and coordination, with different layers of security from the internals of the database to the edge of the network." ( Sally Hudson, Oracle Mag Sept/Oct 2012) As the landscape changes you can find out how to adapt by reading Oracle's strategy paper on providing identity services at Internet scale. 

    Read the article

  • What You Said: Where Do You Find Your Next Game?

    - by Jason Fitzpatrick
    Earlier this week we asked you to share your favorite places and tricks for finding new video games to play. It turns out the least of your problems was finding new games! From the comments it became apparent How-To Geek readers had absolutely no problem finding new games to add to their gaming stable. Buzz writes: I have quite an elaborate procedure in finding my next game:For free games i simply follow the feeds on a few websites like Freegamer, LinuxGames, HappyPenguin and Penguspy. Every now and them i browse Wikipedia articles on free/FOSS games. For commercial games the procedure depends on what i enjoyed the most in that game:- If i enjoyed the story or the general feel: i usually start with a game i like and look for sequels, prequels, mods or spinoffs. I even go out on a limb and give other platforms (than a PC) a try, even if it usually means emulation. If you really enjoy a game series/saga it’s usually worth the effort.- If i enjoy the producer/gaming company then i seek out more of their games.- If i enjoy the technical achievements that went into making the game or if i am concerned for the system requirements of my gear i try to play games that are built on the same engine(s) as one of the games i ran smooth and enjoyed.- If i feel like playing a particular genre i usually start with a title i enjoyed and look for alternatives or similar games- You can always try searching for Game of The Year winners for a particular time period or other similar accomplishments. They usually yield great results. How to Make Your Laptop Choose a Wired Connection Instead of Wireless HTG Explains: What Is Two-Factor Authentication and Should I Be Using It? HTG Explains: What Is Windows RT and What Does It Mean To Me?

    Read the article

  • PHP/MySQL Database application development tool

    - by RCH
    I am an amateur PHP coder, and have built a couple of dozen projects from scratch (including fairly simple e-commerce systems with user authentication, PayPal integration etc - all coded by hand from a clean page. Have also done a price comparison engine that takes data from multiple sites etc.). But I am no expert with OO and other such advanced techniques - I just have a fairly decent grasp of the basics of data processing, logic, functions and trying to optimize code as much as possible. I just want to make this clear so you have some idea of where I'm coming from. I have a couple of fairly large new projects on my plate for corporate clients - both require bespoke database-driven applications with complex relationships, many tables and lots of different front-end functions to manipulate that data for the internal staff in these companies. I figured building these systems from scratch would probably be a huge waste of time. Instead, there must be tools out there that will allow me to construct MySQL databases and build the pages with things like pagination, action buttons, table construction etc. Some kind of database abstraction layer, or system generator, if you will. What tool do you recommend for such a purpose for someone at my level? Open source would be great, but I don't mind paying for something decent as well. Thanks for any advice.

    Read the article

  • The Silverlight 4 Training Kit and Green Eggs &amp; Ham

    - by Jim Duffy
    Microsoft has released the Silverlight 4 Training Kit that steps you through the process of constructing Silverlight 4 business applications. “The Silverlight 4 Training Course includes a whitepaper explaining all of the new Silverlight 4 features, several hands-on-labs that explain the features, and a 8 unit course for building business applications with Silverlight 4. The business applications course includes 8 modules with extensive hands on labs as well as 25 accompanying videos that walk you through key aspects of building a business application with Silverlight. Key aspects in this course are working with numerous sandboxed and elevated out of browser features, the new RichTextBox control, implicit styling, webcam, drag and drop, multi touch, validation, authentication, MEF, WCF RIA Services, right mouse click, and much more!” What I think is pretty cool is that there are two ways to access this content, online and offline. Obviously the online version is great when you’re sitting at your desk and you’re connected to the web. What about when you don’t have a connection like when you’re located where you won’t eat green eggs & ham, like on a train or on plane perhaps? :-) You can download the offline version and hope that Sam I Am won’t be to distracting while you try to watch the videos or work your way through the labs. :-) Have a day. :-|

    Read the article

  • In c-panel mail goes in spam instead of inbox in gmail

    - by Robin Jain
    I have c-panel vps server I have create a domain in the same server but when I sent a mail through webmail to gmail email id it goes into spam. Note--->Mail ip note blacklisted Spf records enable DKIM enable reverse dns are perfect ====================================================================== Email header Information: Delivered-To: [email protected] Received: by 10.143.93.13 with SMTP id v13csp119806wfl; Fri, 6 Jul 2012 08:01:36 -0700 (PDT) Received: by 10.182.52.42 with SMTP id q10mr26133912obo.46.1341586895571; Fri, 06 Jul 2012 08:01:35 -0700 (PDT) Return-Path: <[email protected]> Received: from lakshyacs-u.securehostdns.com ([50.97.147.134]) by mx.google.com with ESMTPS id fx3si18028369obc.144.2012.07.06.08.01.35 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 06 Jul 2012 08:01:35 -0700 (PDT) Received-SPF: pass (google.com: domain of [email protected] designates 50.97.147.134 as permitted sender) client-ip=50.97.147.134; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 50.97.147.134 as permitted sender) [email protected] Received: from localhost.localdomain ([127.0.0.1]:39016 helo=harishjoshico.com) by lakshyacs-u.securehostdns.com with esmtpa (Exim 4.77) (envelope-from <[email protected]>) id 1SnA2J-0006Nq-05 for [email protected]; Fri, 06 Jul 2012 20:31:35 +0530 Received: from 223.189.14.213 ([223.189.14.213]) (SquirrelMail authenticated user [email protected]) by harishjoshico.com with HTTP; Fri, 6 Jul 2012 20:31:35 +0530 Message-ID: <[email protected]> Date: Fri, 6 Jul 2012 20:31:35 +0530 Subject: ggglkhl From: [email protected] To: [email protected] User-Agent: SquirrelMail/1.4.22 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - lakshyacs-u.securehostdns.com X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - harishjoshico.com jhkhl ================================================================

    Read the article

  • The Oracle Platform

    - by Naresh Persaud
    Today’s enterprises typically create identity management infrastructures using ad-hoc, multiple point solutions. Relying on point solutions introduces complexity and high cost of ownership leading many organizations to rethink this approach. In a recent worldwide study of 160 companies conducted by Aberdeen Research, there was a discernible shift in this trend as businesses are now looking to move away from the point solution approach from multiple vendors and adopt an integrated platform approach. By deploying a comprehensive identity and access management strategy using a single platform, companies are saving as much as 48% in IT costs, while reducing audit deficiencies by nearly 35%. According to Aberdeen's research, choosing an integrated suite or “platform” of solutions for Identity Management from a single vendor can have many advantages over choosing “point solutions” from multiple vendors. The Oracle Identity Management Platform is uniquely designed to offer several compelling benefits to our customers.  Shared Services: Instead of separate solutions for - Administration, Authentication, Authorization, Audit and so on–  Oracle Identity Management offers a set of share services that allows these services to be consumed by each component in the stack and by developers of new applications  Actionable Intelligence: The most compelling benefit of the Oracle platform is ” Actionable intelligence” which means if there is a compliance violation, the same platform can fix it. And If a user is logging in from an un-trusted device or we detect an attack and act proactively on that information. Suite Interoperability: With the oracle platform the components all connect and integrated with each other. So if an organization purchase the platform for provisioning and wants to manage access, then the same platform can offer access management which leads to cost savings. Extensible and Configurable: With point solutions – you typically get limited ability to extend the tool to address custom requirements. But with the Oracle platform all of the components have a common way to extend the UI and behavior Find out more about the Oracle Platform approach in this presentation. Platform approach-series-the oracleplatform-final View more PowerPoint from OracleIDM

    Read the article

  • Organization standards for large programs

    - by Chronicide
    I'm the only software developer at the company where I work. I was hired straight out of college, and I've been working here for several years. When I started, eveeryone was managing their own data as they saw fit (lots of filing cabinets). Until recently, I've only been tasked with small standalone projects to help with simple workflows. In the beginning of the year I was asked to make a replacement for their HR software. I used SQL Server, Entity Framework, WPF, along with MVVM and Repository/Unit of work patterns. It was a huge hit. I was very happy with how it went, and it was a very solid program. As such, my employer asked me to expand this program into a corporate dashboard that tracks all of their various corporate data domains (People, Salary, Vehicles/Assets, Statistics, etc.) I use integrated authentication, and due to the initial HR build, I can map users to people in positions, so I know who is who when they open the program, and I can show each person a customized dashboard given their work functions. My concern is that I've never worked on such a large project. I'm planning, meeting with end users, developing, documenting, testing and deploying it on my own. I'm part way through the second addition, and I'm seeing that my code is getting disorganized. It's still programmed well, I'm just struggling with the organization of namespaces, classes and the database model. Are there any good guidelines to follow that will help me keep everything straight? As I have it now, I have folders for Data, Repositories/Unit of Work, Views, View Models, XAML Resources and Miscellaneous Utilities. Should I make parent folders for each data domain? Should I make separate EF models per domain instead of the one I have for the entire database? Are there any standards out there for organizing large programs that span multiple data domains? I would appreciate any suggestions.

    Read the article

  • Top 25 security issues for developers of web sites

    - by BizTalk Visionary
    Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') [4] 261 CWE-352 Cross-Site Request Forgery (CSRF) [5] 219 CWE-285 Improper Access Control (Authorization) [6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision [7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type [9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') [10] 188 CWE-311 Missing Encryption of Sensitive Data [11] 176 CWE-798 Use of Hard-coded Credentials [12] 158 CWE-805 Buffer Access with Incorrect Length Value [13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [14] 156 CWE-129 Improper Validation of Array Index [15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions [16] 154 CWE-209 Information Exposure Through an Error Message [17] 154 CWE-190 Integer Overflow or Wraparound [18] 153 CWE-131 Incorrect Calculation of Buffer Size [19] 147 CWE-306 Missing Authentication for Critical Function [20] 146 CWE-494 Download of Code Without Integrity Check [21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource [22] 145 CWE-770 Allocation of Resources Without Limits or Throttling [23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [25] 138 CWE-362 Race Condition Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

    Read the article

  • SharePoint 2010 Video Training

    - by Sahil Malik
    Ad:: SharePoint 2007 Training in .NET 3.5 technologies (more information). Yes, the DVD is finally available. This is an exhaustive 14 hour video course that Carl and I recorded back in April. It is an end-to-end overview of SharePoint 2010. You can view more details including ordering information about the DVD here. And if you’re interested, a SharePoint 2007 video training version is also available. Carl and I worked quite hard on putting these together, so we hope you enjoy these. Detailed Table of Contents: Introduction (13:49) 30,000 Foot Overview (42:07) Application Management (43:35) User Experience (16:00) Writing Code Part 1 (1:07:49) Writing Code Part 2 (34:41) Simple Web Parts (14:01) Visual Web Parts (6:35) Pages (35:02) Putting it All Together (29:13) Client Side Technology (49:19) ADO.NET Data Services (51:29) Custom Data Services (43:30) Managing Data (29:02) Managing Data: Content Types (17:11) Managing Data: Events (19:22) Managing Data: List Scalability (35:51) Managing Data: Querying (20:07) Enterprise Content Management: DocumentIDs and Document Sets (16:44) Enterprise Content Management: Metadata Infrastructure (22:13) Enterprise Content Management: Record Management (26:27) Enterprise Content Management: Content Organizer (7:21) Enterprise Content Management: Enterprise Content Types (11:21) Business Connectivity Services (BCS) in the SharePoint Designer (26:09) BCS in Visual Studio (9:57) Workflows in the SharePoint Designer (22:07) Workflows in Visual Studio (19:01) Business Intelligence (21:14) Excel (15:25) Performance Point (24:37) Security: Claims-Based Authentication (27:13) Security: Secure Store Service (11:04) Security: The SharePoint Object Model (11:16) Comment on the article ....

    Read the article

  • Is there a way to use the facebook sdk with libgdx?

    - by Rudy_TM
    I have tried to use the facebook sdk in libgdx with callbacks, but it never enters the authetication listeners, so the user never is logged in, it permits the authorization for the facebook app but it never implements the authentication interfaces :( Is there a way to use it? public MyFbClass() { facebook = new Facebook(APPID); mAsyncRunner = new AsyncFacebookRunner(facebook); SessionStore.restore(facebook, this); FB.init(this, 0, facebook, this.permissions); } ///Method for init the permissions and my listener for authetication public void init(final Activity activity, final Facebook fb,final String[] permissions) { mActivity = activity; this.fb = fb; mPermissions = permissions; mHandler = new Handler(); async = new AsyncFacebookRunner(mFb); params = new Bundle(); SessionEvents.addAuthListener(auth); } ///I call the authetication process, I call it with a callback from libgdx public void facebookAction() { // TODO Auto-generated method stub fb.authenticate(); } ///It only allow the app permission, it doesnt register the events public void authenticate() { if (mFb.isSessionValid()) { SessionEvents.onLogoutBegin(); AsyncFacebookRunner asyncRunner = new AsyncFacebookRunner(mFb); asyncRunner.logout(getContext(), new LogoutRequestListener()); //SessionStore.save(this.mFb, getContext()); } else { mFb.authorize(mActivity, mPermissions,0 , new DialogListener()); } } public class SessionListener implements AuthListener, LogoutListener { @Override public void onAuthSucceed() { SessionStore.save(mFb, getContext()); } @Override public void onAuthFail(String error) { } @Override public void onLogoutBegin() { } @Override public void onLogoutFinish() { SessionStore.clear(getContext()); } } DialogListener() { @Override public void onComplete(Bundle values) { SessionEvents.onLoginSuccess(); } @Override public void onFacebookError(FacebookError error) { SessionEvents.onLoginError(error.getMessage()); } @Override public void onError(DialogError error) { SessionEvents.onLoginError(error.getMessage()); } @Override public void onCancel() { SessionEvents.onLoginError("Action Canceled"); } }

    Read the article

  • HTG Explains: The Best and Worst Ways to Send a Resume

    - by Eric Z Goodnight
    With so many people looking for jobs, the slightest edge in your resume presentation has potential to make or break your chances. But not all filetypes or methods are created equal—read on to see the potential pitfalls your resume faces. In this article, we’ll explore what can go wrong in a resume submission, what can be done to counteract it, and also go into why a prospective employer might ignore your resume based on your method of sending a resume. Finally, we’ll cover the best filetypes and methods that can help get you that new job you’ve been looking for. What Sets Your Resume Apart? Latest Features How-To Geek ETC Internet Explorer 9 RC Now Available: Here’s the Most Interesting New Stuff Here’s a Super Simple Trick to Defeating Fake Anti-Virus Malware How to Change the Default Application for Android Tasks Stop Believing TV’s Lies: The Real Truth About "Enhancing" Images The How-To Geek Valentine’s Day Gift Guide Inspire Geek Love with These Hilarious Geek Valentines The Citroen GT – An Awesome Video Game Car Brought to Life [Video] Four Awesome TRON Legacy Themes for Chrome and Iron Anger is Illogical – Old School Style Instructional Video [Star Trek Mashup] Get the Old Microsoft Paint UI Back in Windows 7 Relax and Sleep Is a Soothing Sleep Timer Google Rolls Out Two-Factor Authentication

    Read the article

  • Easily Add Program Shortcuts to the Desktop Context Menu in Windows 7

    - by Lori Kaufman
    If you use the Desktop context menu often, wouldn’t it be useful if you could add program shortcuts to it so you can quickly access your favorite apps? We’ve shown you how to do this using a quick registry tweak, but there’s an easier way. DeskIntegrator is a free, portable program that allows you to quickly and easily add applications to the Desktop context menu. It does not need to be installed. Extract the program files from the .zip file you downloaded (see the link at the end of the article) to a location on your hard drive. NOTE: This article shows you how to use DeskIntegrator in Windows 7, but we tested it in Windows 8 Release Preview and it worked there as well. To use DeskIntegrator, you must run it as administrator. Right-click on the DeskIntegrator.exe file and select Run as administrator from the popup menu. HTG Explains: What Is Two-Factor Authentication and Should I Be Using It? HTG Explains: What Is Windows RT and What Does It Mean To Me? HTG Explains: How Windows 8′s Secure Boot Feature Works & What It Means for Linux

    Read the article

  • Joomla Secondary Users

    - by Gaz_Edge
    Background I have a joomla based application. My customers sign up and they register as a user on the site. My customers (primary customers) then have their own space on the site that they can then setup their own customers (secondary customer). Question/Problem The problem I am having is that I need to tag each secondary customer to a primary customer. I thought about just creating a new component and having a separate table that includes all the secondary customers. The problem is that I then lose out on all the authentication, session handling and login/logout that the core joomla _users component offers. I then thought about just having all the users in the core _users table and add the primary customer associated with each secondary customer to a field in a profile plugin. This would work for the most part, but this means that primary customers cannot create a secondary customer with a user name that already exists in the _users table. I didn't think this would be an issue, but several of my primary customers (currently only test users) have been confused by the site telling them a username is not available, since they can only see the names of their own secondary customers. Any ideas on some architectural changes I could make to solve this?

    Read the article

  • JSON Support in Azure

    - by kaleidoscope
    Please find how we call JavaScript Object Notation in cloud applications. As we all know how client script is useful in web applications in terms of performance.           Same we can use JQuery in Asp.net using Cloud  computing which will  asynchronously pull any messages out of the table(cloud storage)  and display them in the     browser by invoking a method on a controller that returns JavaScript Object Notation (JSON) in a well-known shape. Syntax : Suppose we want to write a  JQuery function which return some notification while end user interact with our application so use following syntax : public JsonResult GetMessages() {      if (User.Identity.IsAuthenticated)      {     UserTextNotification[] userToasts =           toastRepository.GetNotifications(User.Identity.Name);          object[] data =          (from UserTextNotification toast in userToasts          select new { title = toast.Title ?? "Notification",          text = toast.MessageText }).ToArray();           return Json(data, JsonRequestBehavior.AllowGet);      }         else            return Json(null); } Above function is used to check authentication and display message if user is not exists in Table. Plateform :   ASP.NET 3.5  MVC 1   Under Visual Studio 2008  . Please find below link for more detail : http://msdn.microsoft.com/en-us/magazine/ee335721.aspx   Chandraprakash, S

    Read the article

  • CodePlex Daily Summary for Thursday, October 31, 2013

    CodePlex Daily Summary for Thursday, October 31, 2013Popular ReleasesTCPEssentials: TCPEssentials 1.0.0.1: Changed the name of method SplitArray to Split. Standardization is important...Community Forums NNTP bridge: Community Forums NNTP Bridge V54 (LiveConnect): This is the first release which can be used with the new LiveConnect authentication. Fixes the problem that the authentication will not work after 1 hour. Also a logfile will now be stored in "%AppData%\Community\CommunityForumsNNTPServer". If you have any problems please feel free to sent me the file "LogFile.txt".WPF Extended DataGrid: WPF Extended DataGrid 2.0.0.9 binaries: Fixed issue with ICollectionView containg null values (AutoFilter issue)Community TFS Build Extensions: October 2013: The October 2013 release contains Scripts - a new addition to our delivery. These are a growing library of PowerShell scripts to use with VS2013. See our documentation for more on scripting. VS2010 Activities(target .NET 4.0) VS2012 Activities (target .NET 4.5) VS2013 Activities (target .NET 4.5.1) Community TFS Build Manager VS2012 Community TFS Build Manager VS2013 The Community TFS Build Managers for VS2010, 2012 and 2013 can also be found in the Visual Studio Gallery where upda...SuperSocket, an extensible socket server framework: SuperSocket 1.6 stable: Changes included in this release: Process level isolation SuperSocket ServerManager (include server and client) Connect to client from server side initiatively Client certificate validation New configuration attributes "textEncoding", "defaultCulture", and "storeLocation" (certificate node) Many bug fixes http://docs.supersocket.net/v1-6/en-US/New-Features-and-Breaking-ChangesBarbaTunnel: BarbaTunnel 8.1: Check Version History for more information about this release.Mugen MVVM Toolkit: Mugen MVVM Toolkit 2.1: v 2.1 Added the 'Should' class instead of the 'Validate' class. The 'Validate' class is now obsolete. Added 'Toolkit.Annotations' to support the Mugen MVVM Toolkit ReSharper plugin. Updated JetBrains annotations within the project. Added the 'GlobalSettings.DefaultActivationPolicy' property to represent the default activation policy. Removed the 'GetSettings' method from the 'ViewModelBase' class. Instead of it, the 'GlobalSettings.DefaultViewModelSettings' property is used. Updated...NAudio: NAudio 1.7: full release notes available at http://mark-dot-net.blogspot.co.uk/2013/10/naudio-17-release-notes.htmlLayered Architecture Solution Guidance (LASG): LASG 1.0.1.0 for Visual Studio 2012: PRE-REQUISITES Open GAX (Please install Oct 4, 2012 version) Microsoft® System CLR Types for Microsoft® SQL Server® 2012 Microsoft® SQL Server® 2012 Shared Management Objects Microsoft Enterprise Library 6.0 (for the generated code) Windows Azure SDK (for layered cloud applications) Silverlight 5 SDK (for Silverlight applications) THE RELEASE This release only works on Visual Studio 2012. Known Issue If you choose the Database project, the solution unfolding time will be slow....DirectX Tool Kit: October 2013: October 28, 2013 Updated for Visual Studio 2013 and Windows 8.1 SDK RTM Added DGSLEffect, DGSLEffectFactory, VertexPositionNormalTangentColorTexture, and VertexPositionNormalTangentColorTextureSkinning Model loading and effect factories support loading skinned models MakeSpriteFont now has a smooth vs. sharp antialiasing option: /sharp Model loading from CMOs now handles UV transforms for texture coordinates A number of small fixes for EffectFactory Minor code and project cleanup ...ExtJS based ASP.NET Controls: FineUI v4.0beta1: +2013-10-28 v4.0 beta1 +?????Collapsed???????????????。 -????:window/group_panel.aspx??,???????,???????,?????????。 +??????SelectedNodeIDArray???????????????。 -????:tree/checkbox/tree_checkall.aspx??,?????,?????,????????????。 -??TimerPicker???????(????、????ing)。 -??????????????????????(???)。 -?????????????,??type=text/css(??~`)。 -MsgTarget???MessageTarget,???None。 -FormOffsetRight?????20px??5px。 -?Web.config?PageManager??FormLabelAlign???。 -ToolbarPosition??Left/Right。 -??Web.conf...CODE Framework: 4.0.31028.0: See change notes in the documentation section for details on what's new. Note: If you download the class reference help file with, you have to right-click the file, pick "Properties", and then unblock the file, as many browsers flag the file as blocked during download (for security reasons) and thus hides all content.VidCoder: 1.5.10 Beta: Broke out all the encoder-specific passthrough options into their own dropdown. This should make what they do a bit more clear and clean up the codec list a bit. Updated HandBrake core to SVN 5855.Indent Guides for Visual Studio: Indent Guides v14: ImportantThis release has a separate download for Visual Studio 2010. The first link is for VS 2012 and later. Version History Changed in v14 Improved performance when scrolling and editing Fixed potential crash when Resharper is installed Fixed highlight of guides split around pragmas in C++/C# Restored VS 2010 support as a separate download Changed in v13 Added page width guide lines Added guide highlighting options Fixed guides appearing over collapsed blocks Fixed guides not...ASP.net MVC Awesome - jQuery Ajax Helpers: 3.5.3 (mvc5): version 3.5.3 - support for mvc5 version 3.5.2 - fix for setting single value to multivalue controls - datepicker min max date offset fix - html encoding for keys fix - enable Column.ClientFormatFunc to be a function call that will return a function version 3.5.1 ========================== - fixed html attributes rendering - fixed loading animation rendering - css improvements version 3.5 ========================== - autosize for all popups ( can be turned off by calling in js...Media Companion: Media Companion MC3.585b: IMDB plot scraping Fixed. New* Movie - Rename Folder using Movie Set, option to move ignored articles to end of Movie Set, only for folder renaming. Fixed* Media Companion - Fixed if using profiles, config files would blown up in size due to some settings duplicating. * Ignore Article of An was cutting of last character of movie title. * If Rescraping title, sort title changed depending on 'Move article to end of Sort Title' setting. * Movie - If changing Poster source order, list would beco...MoreTerra (Terraria World Viewer): MoreTerra 1.11.4: Release 1.11.4 =========== = Compatibility = =========== Updated to add the new tiles/walls in 1.2.1Emptycanvas: Emptycanvas v21: Maintenant plusieurs lumières possibles.PowerShell App Deployment Toolkit: PowerShell App Deployment Toolkit v3.0.7: This is a bug fix release, containing some important fixes! Fixed issue where Session 0 was not detected correctly, resulting in issues when attempting to display a UI when none was allowed Fixed Installation Prompt and Installation Restart Prompt appearing when deploy mode was non-interactive or silent Fixed issue where defer prompt is displayed after force closing multiple applications Fixed issue executing blocked app execution dialog from UNC path (executed instead from local tempo...BlackJumboDog: Ver5.9.7: 2013.10.24 Ver5.9.7 (1)FTP???????、2?????????????shift-jis????????????? (2)????HTTP????、???????POST??????????????????New ProjectsBF4Rcon.NET: BF4Rcon.NET is a .NET library for Battlefield 4's remote server administration interface.Command Processor: Command Processor with "Command Query Responsibility" prencipleDqyt.sk: a solution for sk project.Edit Visual Studio LoadTest Results' Name and Description: A simple addin to Visual Studio 2012 and Visual Studio 2010, which enables a LoadTest user to be able to give custom name and description for their loadtest.Grauers Set Metadata Properties: Use this to automatically set ISSUE, APPROVED BY and APPROVED DATEIkeCode WP7.1+ Toolkit: IkeCode WP7.1+ Toolkit is an initiative to create methods that facilitate the development of application.MongoDAO: MongoDB C#NB_Store Payment On Delivery Gateway: NB_Store Payment On Delivery Gateway allows you to add "Paymeny On Delivery" to your NB_Store webshop on DNN.occupie: // to doOffice and PDF API for .NET Components: As an independent .NET component, Spire.Office doesn't need Microsoft Office to be installed on System. It supports C# word, C# Excel and C# PDF.SharePoint Workflow Manager | Bulk Start or Terminate workflows: SharePoint Workflow Manager allows you bulk start or terminate SharePoint workflows on all items in a list.System App: The System App is a sleek, smart and open-source IT mapping and monitoring tool by Zalando.TCPEssentials: TCPEssentials is a C# Library that helps simplify the task of managing TCP connections, and also gives you a few tools that may be useful.Wangls: ???WindowSMART: WindowSMART 2013 and Home Server SMART 2013 are powerful hard disk and SSD health monitoring, reporting and alerting tools for Windows.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 912 913 914 915 916 917 918 919 920 921 922 923  | Next Page >